<?php
/*LOGIN CASE*/

$user = $_POST['user']; /*Must have to add function to prevent command inyectors (disable <>, ;)*/
$ucpassword = $_POST['psswd'];
if (isset($user) && $user != "" && isset($ucpassword)) {
	$salt = substr ($user, 0, 2); /*Cut and take 2 words of the user*/
	$key_crypt = crypt ($ucpassword, $salt); /*Crypts and hash the password, phase 1*/
	$key_crypt = crypt ($ucpassword, $clave_crypt); /*Crypts more hash, phase 2. Security improvement strong*/
	
	//query = "SELECT * FROM user WHERE UserName = '$user'" . " AND Password = '$key_crypt'"; /*SQL Compare if the username and password matches*/
	/*$consulta = mysql_query ($query, $dbserver) or die ("ERROR 500: Internal error in the server (Unable to check the user)");
	$nfilas = mysql_num_rows ($consulta);
	if ($nfilas == 1) {
		$_SESSION["logID"] = $user;
		$_SESSION["logFN"] = $row["FirstName"];
		$_SESSION["logLN"] = $row["LastName"];
	}*/
}
else {
print("
<FORM ACTION='#' METHOD='POST'>

<center>
<P><LABEL>Username:</LABEL>
<INPUT TYPE='TEXT' NAME='user' SIZE='20'></P>

<P><LABEL>Password:</LABEL>
<INPUT TYPE='PASSWORD' NAME='psswd' SIZE='20'></P>

<P>
<INPUT TYPE='SUBMIT' VALUE='login it'>
</P>
</center>

</FORM>
");

}


?>